REMARKS

Claims 1, 12 and 21 have been amended as indicated above in 
accompaniment of a Request for Continued Examination under 37 C.F.R. § 1.114. 
The amendments to the claims are supported at least by the text of the Application 
at page 9, line 23 to page 10, line 2, as well as page 11, lines 5-18, as originally 
filed. The Applicant respectfully requests that this application be allowed and 
forwarded on to issuance. 

Examiner Interview 

Applicant respectfully thanks the Examiner for the time spent on the 
telephone discussing the disposition of this case with Applicant's representative. 
During the telephone communication, Applicant and the Examiner discussed the 
cited art, as well as their respective viewpoints regarding the "global" and "local" 
screening sections and the respective screens of each of the subject matter. 
Applicant and the Examiner were in disagreement regarding the level of 
distinction of the screening sections, which the Examiner regarded as nominal. 
Applicant acknowledges receipt of the corresponding Interview Summary dated 
August 28, 2006. 

While the Applicant believes that the claim amendments submitted 
herewith are unnecessary, such amendments are made in the spirit of cooperation 
and to advance prosecution of the present matter. 



§ 102 Rejections

Claims 1, 4-12, 16-21 and 24-28 are rejected under 35 U.S.C. § 102(b) as
being anticipated by David Scott and Richard Sharp, Abstracting
Application-Level Web Security, May 7-11, 2002 (hereinafter, "Scott").



The Claims 

Claim 1 (as amended) recites a method, comprising: 



• receiving data input through a web page from a client device;

• referencing a declarative module to determine a client input security 
screen to apply to the data input from the client device, wherein the 
declarative module comprises: 

• a global section that includes at least one client input security 
screen that applies to any type of client input value; and 

• an individual values section that includes at least one client input 
security screen that applies to a particular type of client input 
value; and 

• applying multiple client input security screens to the data input from 
the client device, including at least one client input security screen 
from the global section of the declarative module and at least one 
client input security screen from the individual values section of the 
declarative module, wherein the client input security screens are 
distinct from one another, and wherein one or more predetermined 
symbols are removed without replacement from the data input. 

(Emphasis added.) 



In making out the rejection of this claim, the Office argues that its subject 
matter is anticipated by Scott. Applicant respectfully disagrees and traverses the
Office's rejection. For the reasons set forth below, the rejection for anticipation is 
invalid and should be withdrawn. 

Specifically, Scott fails to provide that one or more predetermined symbols 
are removed without replacement from the data input, as positively recited by the 
subject matter of this claim, as amended. 

Specifically, Scott provides for HTML security policies and techniques
based upon the use of Constraints (e.g., parameter name "pi" must be of type
"int", etc.), and Transformation rules (e.g., predetermined meta-characters to be
replaced by their respective numerical representations - a procedure referred to as
HTML-Encode, etc.). (Pages 4-6 of Scott). Scott further states that:

"For this reason, we adopt the convention that all parameters are
HTML-encoded unless explicitly specified otherwise in the security policy."
(Page 6 of Scott) (Emphasis theirs).

Thus, Scott contemplates an operation wherein all meta-characters within 
the respective parameters of a user input are replaced with their corresponding 
numerical representations. Therefore, each meta-character is replaced with some 
representative value. However, such a replacement operation is not the same as 
removing, without replacement, one or more predetermined symbols from the
data input, as recited by the subject matter of claim 1, as amended. Thus, Scott
fails to provide at least one feature as positively recited by the subject matter of 
this claim. 

Furthermore, Scott is completely lacking a declarative module that
comprises a global section that includes at least one client input security screen
that applies to any type of client input value, and an individual values section that
includes at least one client input security screen that applies to a particular type of
client input value, as further recited by the subject matter of claim 1. The
immediately foregoing deficiency of Scott has been argued previously in the 
prosecution of this matter and is not reiterated here in the interest of brevity. 
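
The two points argued above, removal without replacement versus replacement by a numerical representation, and a declarative module split into a global section and an individual values section, can be illustrated as follows. This is an added illustration, not code from the Application or from Scott; the module layout, screen names, input names and symbol set are assumptions.

```python
# Hypothetical declarative module: layout, screen names and symbols are assumptions.
DECLARATIVE_MODULE = {
    "global": [  # screens applied to every client input value
        {"screen": "remove_symbols", "symbols": "<>\"'"},
    ],
    "individual_values": {  # screens applied only to the named input value
        "age": [{"screen": "int_range", "min": 0, "max": 150}],
        "comment": [{"screen": "max_length", "limit": 20}],
    },
}

def remove_symbols(value, symbols):
    """Removal without replacement: listed symbols are deleted outright."""
    return value.translate({ord(c): None for c in symbols})

def encode_symbols(value, symbols):
    """Replacement: each listed symbol becomes its numeric character reference."""
    return "".join(f"&#{ord(c)};" if c in symbols else c for c in value)

def screen_input(name, value, module=DECLARATIVE_MODULE):
    """Apply every global screen, then the screens for this input value.

    Returns (screened_value, errors); a non-empty errors list marks the
    input as invalid so the caller can act on it.
    """
    errors = []
    rules = module["global"] + module["individual_values"].get(name, [])
    for rule in rules:
        kind = rule["screen"]
        if kind == "remove_symbols":
            value = remove_symbols(value, rule["symbols"])
        elif kind == "int_range":
            ok = value.isascii() and value.isdigit()
            if not (ok and rule["min"] <= int(value) <= rule["max"]):
                errors.append(f"{name}: not an integer in range")
        elif kind == "max_length":
            if len(value) > rule["limit"]:
                errors.append(f"{name}: longer than {rule['limit']}")
        else:
            raise ValueError(f"unknown screen {kind!r}")
    return value, errors

if __name__ == "__main__":
    sample = "<b>hi</b>"  # constructed input
    print(remove_symbols(sample, "<>"))   # symbols deleted
    print(encode_symbols(sample, "<>"))   # symbols replaced
    print(screen_input("comment", sample))
    print(screen_input("age", "2<00"))    # global screen runs before the range check
```

Removal is lossy where encoding is not: a constructed value such as `O'Brien` comes back as `OBrien`, and `2<00` becomes `200` before the range screen sees it, so the order of global and individual screens affects what is validated.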

In view of the foregoing deficiencies of Scott, the Applicant contends that
the § 102 rejection against claim 1 (as amended) is unsupportable and must be
withdrawn. The Applicant asserts that claim 1, as amended, is allowable.

Claims 4-11 are allowable at least by virtue of their dependence from an 
allowable base claim, as well as for their own respectively patentable subject 



Claim 12 (as amended) recites a system, comprising: 



• a web page server unit configured to provide one or more web pages 
to one or more client devices over a distributed network; 

• means for receiving client input data; 

• a declarative module configured to include multiple client input 
security screens that declare screening rules for client input, 
wherein the declarative module comprises: 

• a global section that includes one or more client input security 
screens that are applied to all types of client input; and 

• an individual values section that includes one or more client 
input security screens that are applied to specified types of client 
input; and 

• a client input security screening unit configured to apply the 
screening rules for client input to the client input data and to perform 
one or more actions on invalid client input data, wherein the 
screening rules are from distinct client input security screens from 
the global section and the individual values section, and wherein the
client input security screening unit is further configured to 
remove without replacement one or more predetermined 
symbols from the client input data. 

(Emphasis added.) 



In making out the rejection of this claim, the Office argues that its subject 
matter is anticipated by Scott. Applicant respectfully disagrees and traverses the
Office's rejection. For the reasons set forth below, the rejection for anticipation is 
invalid and should be withdrawn. 

Further, Scott fails to provide a system (or anything else), wherein the
client input security screening unit is further configured to remove without
replacement one or more predetermined symbols from the client input data, as
positively recited by the subject matter of this claim, as amended.

Specifically, Scott further fails to provide a declarative module configured 
to include multiple client input security screens that declare screening rules for 
client input, wherein the declarative module comprises a global section that 
includes one or more client input security screens that are applied to all types of 
client input, and an individual values section that includes one or more client input
security screens that are applied to specified types of client input, as positively
recited by the subject matter of claim 12. 

In view of the foregoing deficiencies of Scott, and for reasons analogous to 
those argued above in regard to claim 1 (as amended), the Applicant asserts that 
the § 102 rejection of claim 12, as amended, is unsupportable and should be 
withdrawn. The Applicant asserts that claim 12 (as amended) is allowable. 

Claims 16-20 are allowable at least by virtue of their dependence from an 
allowable base claim, as well as for their own respectively patentable subject 
matter. 

Claim 21 (as amended) recites one or more computer-readable media
containing computer-executable instructions that, when executed on a computer,
perform the following steps:

• serving a web page to a client over a distributed network; 

• receiving client input via the web page; 

• comparing the client input with multiple and distinct client input 
security screens stored in a security declarative module, wherein the 
security declarative module includes a global section configured 
to screen all types of client input values and an individual values 
section configured to screen particular types of client input 
values; 

• if invalid client input is detected, performing a screening action on
the invalid client input as indicated by the security declarative
module; and

• wherein the client input security screens included in the security 
declarative module can be applied to multiple web pages; and 

• wherein one or more predetermined symbols are removed 
without replacement from the client input. 

(Emphasis added.) 

In making out the rejection of this claim, the Office argues that its subject 
matter is anticipated by Scott. Applicant respectfully disagrees and traverses the 
Office's rejection. For the reasons set forth below, the rejection for anticipation is 
invalid and should be withdrawn. 

Specifically, Scott fails to provide for any method or means, wherein one or 
more predetermined symbols are removed without replacement from the client 
input, as positively recited by the subject matter of this claim. 

Further, Scott fails to provide that the security declarative module includes 
a global section configured to screen all types of client input values and an
individual values section configured to screen particular types of client input
values, as positively recited by the subject matter of claim 21, as amended.

In view of the foregoing deficiencies of Scott, and for reasons analogous to
those argued above in regard to claim 1 (as amended), the Applicant asserts that 
the § 102 rejection of claim 21, as amended, is unsupportable and should be 
withdrawn. The Applicant asserts that claim 21 (as amended) is allowable. 

Claims 24-28 are allowable at least by virtue of their dependence from an
allowable base claim, as well as for their own respectively patentable subject 
matter. 






Conclusion 

The pending claims are in condition for allowance and action to that end is 
respectfully requested. Should any issue remain that prevents allowance of the 
application, the Office is encouraged to contact the undersigned prior to issuance
of a subsequent Office action. 



Respectfully submitted, 





Lance R. Sadler 
Reg. No. 38,605 
(509) 324-9256 